
Introducing 3TOFU -- a Harm-Reduction process to Supply Chain Security when downloading software that cannot be verified cryptographically

A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.
Ipset Hash is full, cannot add more elements
My ipset hash is full!? I'm using Ubuntu Server and I created a separate fail2ban jail that uses "iptables-ipset-proto6-allports" as its ban action (thus using ipset instead of iptables).
However, today I seem to have hit the limit: stderr: 'ipset v7.15: Hash is full, cannot add more elements'.
This can be confirmed by running the `ipset -t list` command:
```sh
Name: f2b-manual
Type: hash:ip
Revision: 5
Header: family inet hashsize 32768 maxelem 65536 timeout 0 bucketsize 12 initval 0xbc28aef1
Size in memory: 2605680
References: 1
Number of entries: 65571
```
Where the 65571 entries exceed the maxelem (65536). So what now?? Could I create a banlist in a txt file or something? I just want to ban some large tech corps: https://gitlab.melroy.org/-/snippets/619
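The following is an added example, not code from the post above. It parses the `ipset -t list` header the post shows and, when the set is at its limit, emits the commands to recreate it with a larger maxelem. ipset cannot raise maxelem on an existing set, and a set referenced by an iptables rule (References: 1) cannot be destroyed while the rule exists, so the standard route is to rebuild the set under a temporary name, copy the members, and `ipset swap` it into place; the iptables rule keeps pointing at the same set name throughout. The header text is constructed from the post, the temporary set name and the new limit are assumptions, and the generated commands are printed rather than executed. Note that fail2ban creates the set in the action's actionstart, so an enlarged set only survives until the action is restarted unless the create command in the action file is also changed.

```python
import re

# Constructed `ipset -t list f2b-manual` output, modelled on the post.
SAMPLE_HEADER = """\
Name: f2b-manual
Type: hash:ip
Revision: 5
Header: family inet hashsize 32768 maxelem 65536 timeout 0 bucketsize 12 initval 0xbc28aef1
Size in memory: 2605680
References: 1
Number of entries: 65571
"""


def parse_ipset_header(text):
    """Turn the `ipset -t list` header into a dict; the Header: options become a sub-dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # "Type: hash:ip" splits at the first colon only
        if not sep:
            continue
        info[key.strip()] = value.strip()
    opts = info.get("Header", "").split()
    # Header options come in "name value" pairs, e.g. "family inet maxelem 65536"
    info["options"] = dict(zip(opts[0::2], opts[1::2]))
    info["maxelem"] = int(info["options"]["maxelem"])
    info["entries"] = int(info["Number of entries"])
    return info


def fill_ratio(info):
    """Fraction of maxelem in use (can exceed 1.0, as in the post's output)."""
    return info["entries"] / info["maxelem"]


def is_full(info):
    """True once the set has reached maxelem; further `ipset add` calls fail."""
    return info["entries"] >= info["maxelem"]


def grow_commands(info, new_maxelem):
    """
    Commands to rebuild the set with a larger limit while keeping its members
    and the iptables reference:
      1. dump the set with `ipset save`, rename it and raise maxelem, restore it
      2. swap contents/names so the rule now matches the enlarged set
      3. destroy the temporary name, which now holds the old, full set
    The "-new" suffix is an assumed temporary name, not an ipset convention.
    """
    name = info["Name"]
    tmp = f"{name}-new"
    return [
        f"ipset save {name} | sed -e 's/ {name} / {tmp} /' "
        f"-e 's/maxelem [0-9]*/maxelem {new_maxelem}/' | ipset restore",
        f"ipset swap {tmp} {name}",
        f"ipset destroy {tmp}",
    ]


if __name__ == "__main__":
    info = parse_ipset_header(SAMPLE_HEADER)
    print(f"{info['Name']}: {info['entries']}/{info['maxelem']} ({fill_ratio(info):.0%})")
    if is_full(info):
        for cmd in grow_commands(info, 1_000_000):
            print(cmd)
```

The `ipset save` line matches ` f2b-manual ` with surrounding spaces so that both the `create f2b-manual ...` header and every `add f2b-manual <ip>` member line are renamed; the hashsize from the dump is kept, since the hash grows on demand.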
How can 2FA be disabled without permission and what can I do about it?
I use FreeOTP+, which is supposedly developed by people from the Fedora project, and it is protected by fingerprint on my Pixel. I discovered that my 2FA was disabled on lemmy.world after I logged out and then logged back in a day later, instead of just keeping the auth cookie active in Vanadium. Since 2FA is required to change settings, how was this accomplished, and what can I do to ensure that it doesn't happen again?
Supply Chain Security Harm Reduction with 3TOFU
By Michael Altfield
License: CC BY-SA 4.0
https://tech.michaelaltfield.net/
This article introduces the concept of 3TOFU - a harm-reduction process when downloading software that cannot be verified cryptographically.
Figure: Verifying Unsigned Releases with 3TOFU
⚠ NOTE: This article is about harm reduction.
It is dangerous to download and run binaries (or code) whose authenticity you cannot verify (using a cryptographic signature from a key stored offline). However, sometimes we cannot avoid it. If you're going to proceed with running untrusted code, then following the steps outlined in this guide may reduce your risk.
Is this some kind of hack attempt?
The NGINX access.log of my VPS is showing a curiosity.
Instead of a simple request like this...
```
"GET / HTTP/1.1"
```
...regular requests are coming in that look like this
```
"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"
```
Is this some kind of hack attempt?
Here's an example of a full line from the log...
```
15.204.204.182 - - [24/Apr/2024:15:59:47 +0000] "\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00" 400 166 "-" "-"
```
EDIT: For what it might be worth, most of these requests come in singularly, from different IP addresses. Once (that I've noticed) repeated attempts came in quickly from one specific IP.
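The bytes in that log line decode as a TPKT header (version 3, length 0x13 = 19) followed by an X.224 Connection Request (0xE0) that carries an RDP negotiation request asking for TLS and CredSSP (requestedProtocols = 0x00000003). That is the opening packet of a Remote Desktop handshake, which scanners send to every open port looking for RDP; nginx cannot parse it as HTTP and answers 400, which is the correct outcome. The decoder below is an added example, not code from the post, and the log lines it parses are constructed to match the post's format; field names follow MS-RDPBCGR, and `classify` is an assumed helper name.

```python
import re
import struct

# Constructed access.log lines, modelled on the entries in the post.
SAMPLE_LINES = [
    '15.204.204.182 - - [24/Apr/2024:15:59:47 +0000] '
    '"\\x03\\x00\\x00\\x13\\x0E\\xE0\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x08\\x00\\x03\\x00\\x00\\x00" '
    '400 166 "-" "-"',
    '203.0.113.7 - - [24/Apr/2024:16:02:11 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.5.0"',
]

# nginx "combined" format: client ident user [time] "request" status bytes ...
# The request group accepts \xHH escape pairs as well as ordinary characters.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>(?:\\.|[^"\\])*)" (?P<status>\d{3}) '
)

# requestedProtocols flags of RDP_NEG_REQ (MS-RDPBCGR 2.2.1.1.1)
RDP_PROTOCOL_FLAGS = {
    0x1: "PROTOCOL_SSL",
    0x2: "PROTOCOL_HYBRID",
    0x4: "PROTOCOL_RDSTLS",
    0x8: "PROTOCOL_HYBRID_EX",
}


def parse_log_line(line):
    """Split one combined-format line into fields; None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def unescape_nginx(request):
    """nginx writes non-printable request bytes as \\xHH; recover the raw bytes."""
    return request.encode("latin-1").decode("unicode_escape").encode("latin-1")


def decode_rdp_connection_request(data):
    """
    Return a dict if `data` is a TPKT-framed X.224 Connection Request (the first
    packet of an RDP handshake), else None.
    Layout: TPKT(4) | X.224 LI(1) CR(1) DST-REF(2) SRC-REF(2) CLASS(1) | RDP_NEG_REQ(8)
    """
    if len(data) < 11:
        return None
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        return None
    li, code, _dst_ref, _src_ref, _cls = struct.unpack(">BBHHB", data[4:11])
    # CR code is 0xE0 in the high nibble; LI counts every byte after itself
    if (code & 0xF0) != 0xE0 or li != len(data) - 5:
        return None
    result = {"tpkt_length": tpkt_len, "requested_protocols": []}
    neg = data[11:]
    # Optional RDP_NEG_REQ: type(1) flags(1) length(2) requestedProtocols(4), little-endian
    if len(neg) == 8:
        neg_type, _flags, neg_len, protocols = struct.unpack("<BBHI", neg)
        if neg_type == 0x01 and neg_len == 8:
            result["requested_protocols"] = [
                name for bit, name in RDP_PROTOCOL_FLAGS.items() if protocols & bit
            ]
    return result


def classify(line):
    """Label one access.log line: 'http', 'rdp-connection-request', or 'unparsed'."""
    fields = parse_log_line(line)
    if fields is None:
        return "unparsed"
    raw = unescape_nginx(fields["request"])
    if decode_rdp_connection_request(raw) is not None:
        return "rdp-connection-request"
    return "http"


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        fields = parse_log_line(line)
        print(fields["client"], fields["status"], classify(line))
```

Run against a real log with `for line in open("access.log")`, and the same `unescape_nginx` step is what to apply before trying other decoders (TLS ClientHello starts with 0x16 0x03, for instance), since nginx escapes every non-printable byte the same way.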
Ghidra training classes from NSA
Ghidra is a software reverse engineering (SRE) framework - NationalSecurityAgency/ghidra
An intro to automated evasion and compilation of .NET offensive tools
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Phrack #71: Call For Paper
Phrack staff website.
The agency has finalized the framework’s first major update since its creation in 2014
Hacking Terraform state to gain code execution and privilege escalation
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
Is Hugging Face the target of model-based attacks? See a detailed explanation of the attack mechanism and what is required to identify real threats.
New Server Side Prototype Pollution Gadgets Scanner from Doyensec
Unveiling the Prototype Pollution Gadgets Finder
It's now possible to find the AWS Account ID for any S3 Bucket (private or public)
A technique to find the Account ID of a private S3 bucket.
“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails
SEO Poisoning to Domain Control: The Gootloader Saga Continues
Key Takeaways In February 2023, we detected an intrusion that was initiated by a user downloading and executing a file from a SEO-poisoned search result, leading to a Gootloader infection. Around n…
More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll.
Code injection or backdoor: A new look at Ivanti's CVE-2021-44529
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
Python Risk Identification Tool for generative AI (PyRIT)
The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI system...
New TP-Link authentication Bypass!
Summary A vulnerability exists in TP-Link NCXXX family of devices, the vulnerability allows accessing the device without credentials – this chained with well known and currently unpatched post-auth vulnerabilities allow for the complete compromise of the device. Credit An independent security resear...
Optum / Change Healthcare Breach
Optum Solutions's Status Page - Update: restoration in progress of Change Healthcare products and services. Hover or tap here for previous updates..
Ongoing Malware Laced Developer Job Interviews
Phylum continues to discover malware polluting open-source ecosystems. In this blog post, we take a deep-dive into an npm package trying to masquerade as code profiler which actually installs several malicious scripts including a cryptocurrency and credential stealer. Curiously, the attacker attempt...
Lockbit Ransomware global takedown
With indictments and arrests.